Version 2.0
  • 04 Nov 2021
  • 4 Minutes to read
  • Dark
    Light
  • PDF

Version 2.0

  • Dark
    Light
  • PDF

Article summary

What's new in CDC Version 2.0

April 2021

Highlights

  • A new and improved Alerts dashboard, with several new features, including:
    • New filtering options.
    • Live updates on alerts.
    • The ability to preview alert details.
  • New alert investigation capability
    • New alert page design with improved investigation support
    • New ChatOps functionality.
  • New, enhanced alert playbook functionality - including the ability to:
    • View playbooks and their details.
    • Interact with the playbook.
    • Mark steps as done.
    • Terminate playbooks.

New and Improved Alerts Dashboard

New Filtering Options

FiltersNew.png

You can now select various filters from the Filters window on the right side of the Alerts screen. Here you can select the severity and status of the filter, filter the status by owner, and more. The selected filters will stay selected till reloading the CDC or reset them back to default.

Live Updates on Alerts

LiveUpdates.png

The Alerts dashboard now features a new toggle button that allows you to select whether you want live updates on your alerts. Note that when this feature is turned off, the Alerts list will not update when changes are made.

Previewing Alert Details

Preview.png

Clicking anywhere on the alert (except on the alert name) will open a preview window. This window offers important alert details and allows for quick and easy browsing between alerts. This capability can help you decide whether to take further action or know whether this is a false positive alert.

Detailed Alert View

DetailedAlertView.png

Selecting an alert by clicking directly on an alert name gives you a detailed view of the alert – including the ability to create an incident, attach or detach an alert to an incident, and view observables, raw data, and other information related to the alert.

The new Alert page includes all information related to the alert - such as general details, observables, raw data, playbooks, etc. Alerts can be dynamically updated so that raw data and observables can change when an alert is opened.

New ChatOps Functionality for Alerts

ChatOps.png

The Alert Details page features a new ChatOps window – which supports the same functionality as in the Incident Details page, including collaboration, file upload, running commands, user mentions, etc.

New Enhanced Alert Playbook Functionality

Version 2.0 features new and enhanced playbook functionality, including the ability to view a list of playbooks that have different statuses and see additional and more advanced details related to playbooks.

View Playbook

ShowPlaybookNew.png

You can now view your playbook details by clicking on the new Playbooks tab. Here you can see a counter of how many playbooks you have, and a list of playbooks that have different statuses – such as Succeeded, In Progress, and Terminated/Terminating.

Playbook Details

PlaybookDetailsNew.png

You can also click a playbook from the playbook list to see additional information and details about the playbook.

Here you can see the sequence of steps for the playbook. These include automated steps (executed by Seemo), for which you can only see the results; and manual steps – where you can see the completion time and the user who completed the step. You can also expand or collapse the steps to see details such as the name of the step, a description, etc. Manual steps can be with or without options.

Mark as Done

MarkAsDoneNew.png

Manual steps – as described above – can be done with or without options. When they are done with no options, the Mark as Done button is always active. When you click Mark as Done, you will need to enter a comment; otherwise the step cannot be completed.

Terminate Playbook

TerminatePlaybookNew.png

With the Terminate Playbook option, you can kill all processes that are currently running for a particular playbook.

Bug Fixes

  • In Chat Upload files, a 'Server error' appears when closing the "Upload files" modal window (CYB-7911).
  • In the Home dashboard, in the 'My recent incidents' widget, incidents were not able to be sorted by 'Priority' (CYB-7896).
  • In the Alerts grid, when filtering by Owner, the dropdown is missing the "Unassigned" option (CYB-7703).
  • In the Alerts grid, it is not possible to remove an owner from an alert (CYB-7684).
  • In the Alerts grid, the alert owner is not live updated for user that removed ownership (CYB-7617).
  • The Search missed results when searching for observables with specific types (CYB-7606).
  • In the Chat Ops window, the chat is not scrolled and the message is not highlighted when jumping to it from a global search/chat link/timeline event (CYB-7597).
  • Users receive email notifications for actions that they were not subscribed to (CYB-7590).
  • Chat Thread - when uploading a file in thread view to a thread, there are incorrect entries in the Files tab (CYB-7561).
  • Missing email notifications for actions performed in the CDC (CYB-7545).
  • In the Global search (Advanced search), it is not possible to see the list of incident owners (CYB-7474),
  • In the Incident page Chat Ops window, an error is thrown while downloading files, even though the download succeeds (CYB-7269).
  • In the 'Weekly report' an incorrect date range is present for last day, last 7 days, last month, and last year period (CYB-6986).
  • When creating an incident, the default type is changed after navigating to the Details page (CYB-6982).
  • In the Incident Observables tab, file names with spaces are not handled properly (CYB-6716).
  • In the usercards, the indication of user status (online/offline) is missing (CYB-6699).

Known Issues

  • The user's icon does not contain their name initials (CYB-9101).
  • A duplicated incident is created when two users create an incident from the same alert at exactly the same time (CYB-6035).

Was this article helpful?

What's Next